Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vestacp control panel vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-10786
A remote command execution in Vesta Control Panel up to and including 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10787
An elevation of privilege in Vesta Control Panel up to and including 0.9.8-26 allows an malicious user to gain root system access from the admin account via v-change-user-password (aka the user password change script).
Vestacp Vesta Control Panel
6.1
CVSSv3
CVE-2019-9841
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
Vestacp Control Panel 0.9.8-23
6.1
CVSSv3
CVE-2018-10686
An issue exists in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.
Vestacp Control Panel 0.9.8-20
8.8
CVSSv3
CVE-2019-12792
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote malicious users to escalate from regular registered users to root.
Vestacp Control Panel 0.9.8-24
8.8
CVSSv3
CVE-2019-12791
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote malicious users to escalate from regular registered users to root via the password reset form.
Vestacp Control Panel 0.9.8-24
9.8
CVSSv3
CVE-2021-43693
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
Vestacp Vesta Control Panel 0.9.8-24
8.8
CVSSv3
CVE-2021-28379
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) up to and including 0.9.8-27 and myVesta up to and including 0.9.8-26-39 allows uploads from a different origin.
Myvestacp Myvesta
Vestacp Vesta Control Panel
6.1
CVSSv3
CVE-2022-34025
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
6.1
CVSSv3
CVE-2022-36303
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »